[英]Deny User Agent in Kubernetes Nginx Ingress Controller
I'm being hit with a vulnerability probe which uses User-Agent: Mozilla/5.0 Jorgee
and I want to drop/reject any requests from that user agent. 我受到使用
User-Agent: Mozilla/5.0 Jorgee
的漏洞探针的User-Agent: Mozilla/5.0 Jorgee
,我想删除/拒绝来自该用户代理的任何请求。
I've been digging around the k8s examples but I can't seem to find a solution. 我一直在研究k8s示例,但似乎找不到解决方案。
Is there any way I can deny requests based on User-Agent
with gcr.io/google_contianers/nginx-ingress-controller:0.8.3
? 有什么方法可以使用
gcr.io/google_contianers/nginx-ingress-controller:0.8.3
拒绝基于User-Agent
的gcr.io/google_contianers/nginx-ingress-controller:0.8.3
?
As best I can tell from the nginx go-template , that is not something the current implementation of their ingress controller offers. 从nginx go-template最好的看出来,这并不是他们的入口控制器的当前实现提供的。 I believe that in their mental model, one would wish to do that kind of suppression in a per-
Service
manner, since doing it in the Ingress
controller could very easily apply that rule to the whole cluster, leading to surprising outcomes for other published Service
s. 我相信,在他们的思维模型中,希望以每
Service
方式进行这种抑制,因为在Ingress
控制器中执行此操作可以很容易地将该规则应用于整个集群,从而为其他已发布的Service
带来令人惊讶的结果秒。 I took a look at the haproxy controller's go-template and it seems to be true there, also. 我看了一下haproxy控制器的go-template ,那里似乎也是如此。
At this point, I think you have two options: 在这一点上,我认为您有两种选择:
nginx.tmpl
nginx.tmpl
backendRule
array seems not to be standard backendRule
数组取模似乎不是标准的 you can add custom nginx configuration snippets to Ingresses with annotations, at least for the "normal" nginx controller, not sure if that works with the GCE controller too. 您可以至少在“正常” nginx控制器上向带有注释的Ingress添加自定义nginx配置片段,不确定是否也可以在GCE控制器上使用。 See eg here: https://github.com/kubernetes/ingress/blob/master/examples/customization/configuration-snippets/nginx/ingress.yaml#L8
参见例如此处: https : //github.com/kubernetes/ingress/blob/master/examples/customization/configuration-snippets/nginx/ingress.yaml#L8
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.